Twitter hack: what do we know so far?

The Twitter hack is being trending topic (Although, paradoxically, the social network does not show it among current topics, we will talk about it later). Since the last (Spanish) hour of yesterday and until now, follow the count of the affected accounts, of the “performance” that they may have obtained with this action, if the damages are going to be limited to what has already happened or if we still have to wait for more … an endless number of doubts that not even the people in charge of the social network can safely answer. At the moment doubts win.

The little that is known so far about the Twitter hack comes from the official support account of the social network, which in the last few hours has published and updated a thread in which he claims to be aware of the incidence, on the security measures adopted and from the first conclusions drawn from open research, which at this time would remain active.

The most interesting thing that we can extract from it, and that has been confirmed by motherboard, is that the origin of the Twitter hack would be in a social network employee who would have received a financial consideration for allowing attackers to use certain administration tools which are only accessible to company personnel. And it would be in this way, through them, that the attackers would have managed to access all the accounts that have been involved in this cybercrime.

In case you do not know what the hacking of Twitter consisted of, last night quite a few accounts, and I am talking about both personal and very relevant companies accounts (from Barack Obama or Joe Biden to Jeff Bezos, Elon Musk and Bill Gates, going through Apple and Uber, to give just a few examples) published a tweet in which they stated that all the money (in bitcoins) they received in a certain digital wallet, would be returned, but multiplied by two, to the people who would have contributed. Yes, that is, if you sent Elon Musk a bitcoin, he would send you two.

Although there are no official figures (and you may never know them, because many victims will surely hide it out of shame), there is talk that Could have been scammed $ 120,000 by the authors of the Twitter hack. The list of all affected accounts has not been made public either, and although the social network is reporting the event in the thread I mentioned earlier, the truth is that it is significantly limiting the conversation about it.

Regarding the measures adopted, before the Twitter hack, those responsible chose, in the first instance, for blocking access to compromised accounts, as well as for eliminating malicious tweets. They later extended the limitation of sending messages to all verified accounts, as well as other high-risk accounts, and it was not until a few hours after they began to return access to their rightful owners, as they affirm taking previous measures to ensure that this action is carried out. done in a safe way.

Regarding what I was saying before limiting the conversation, there are two aspects that seem remarkable to me: the first is that there is no mention of Twitter hacking in the topics of the moment and, I’m sorry, but I find it particularly suspicious. And the second is that, according to some sources, Motherboard has been made with images of the Twitter administrative tools used by the attackers. As well, all the tweets that are being published and that contain those images are being deleted. For not complying with Twitter standards, they claim. I would say that I don’t understand it, but the truth is that I do understand it, and it seems quite ugly to me.

And regarding the scam itself, it seems to me that it is an excellent time to re-remember two things: that blind trust is a bad idea, and that nobody sells hard for four pesetas (Excuse the younger ones, who may not understand this phrase). Oh, and although I always give Facebook a lot of wax regarding security, Twitter also has a lot to improve, and it is that the Twitter hack is only the last of a few episodes.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *